AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,625

AI/ML CVEs Tracked

226

Critical

87

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 573 results — Medium severity

Severity CVE ID Summary CVSS EPSS Package Date

MEDI CVE-2026-43979 local-deep-research: HTML injection enables SSRF via WeasyPrint 5.0 — local-deep-research May 11 MEDI CVE-2026-44571 open-webui: auth bypass allows message tampering 6.5 — open-webui May 11 MEDI CVE-2026-44337 PraisonAI: SQL/CQL injection in knowledge-store backends 6.3 0.1% PraisonAI May 11 MEDI CVE-2026-44897 mistune: XSS via unescaped heading id= attribute 6.1 — mistune May 9 MEDI CVE-2026-44708 mistune: math plugin XSS bypasses escape=True control 6.1 — mistune May 8 MEDI CVE-2026-44568 open-webui: XSS in pending overlay enables session hijack 4.8 — open-webui May 8 MEDI CVE-2026-42282 n8n-MCP: credential logging exposes OAuth tokens in HTTP mode 4.3 0.1% — May 8 MEDI CVE-2026-44560 open-webui: RAG auth bypass exposes private files 6.5 — open-webui May 8 MEDI CVE-2026-44561 open-webui: auth bypass exposes private group channels 5.4 — open-webui May 8 MEDI CVE-2026-44564 open-webui: auth bypass in collaborative doc editing 5.4 — open-webui May 8 MEDI CVE-2026-44563 open-webui: auth bypass exposes restricted LLM models 5.4 — open-webui May 8 MEDI CVE-2026-44562 open-webui: missing authz enables model hijacking 6.5 — open-webui May 8 MEDI CVE-2026-44559 open-webui: private channel member list exposed to any user 4.3 — open-webui May 8 MEDI CVE-2026-44557 open-webui: auth bypass exposes all knowledge base metadata 4.3 — open-webui May 8 MEDI CVE-2026-44558 open-webui: permission bypass exposes channels publicly 5.4 — open-webui May 8 MEDI CVE-2026-44550 open-webui: mass assignment enables cross-user folder injection 5.0 — open-webui May 8 MEDI CVE-2026-40610 BentoML: symlink traversal exfiltrates host secrets at build 5.5 — bentoml May 7 MEDI CVE-2026-44479 vercel: auth token leak in AI agent non-interactive mode 5.5 — — May 7 MEDI GHSA-cqmh-pcgr-q42f @axonflow/openclaw: credential exposure via insecure file permissions 5.5 — @axonflow/openclaw May 6 MEDI CVE-2026-44223 vLLM: speculative decoding DoS via penalty params 6.5 — vllm May 6

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial